Hercules | DAST by Hercules
Powerful web application security scanner. Analyze XSS, SQLi, ports, API, S3, subdomains and more.
About
Hercules DAST (Dynamic Application Security Testing) is a professional tool for web application security analysis directly in your browser.
Features:
• robots.txt: sensitive paths analysis (/admin, /api, /.env, /backup)
• sitemap.xml: hidden and sensitive URL discovery
• Scripts: HTTP/HTTPS check, external scripts, outdated libraries
• DOM XSS: vulnerability detection (innerHTML, eval, document.write)
• Forms: CSRF tokens, passwords in GET, autocomplete
• Security Headers: CSP, X-Frame-Options, X-Content-Type-Options
• Cookies: sensitive cookie analysis
• CORS: wildcard origin check
• Ports: open port scanning (80, 443, 8080, 8443, 3000, 5000, 8000)
• API endpoints: Swagger, OpenAPI, GraphQL discovery
• SQL injection: active form testing
• XSS test: active form testing
• Directories: brute force common paths (admin, .env, backup, .git)
• S3 buckets: open AWS S3 bucket discovery
• Subdomains: crt.sh and common subdomain enumeration
Results are displayed with severity statistics (Critical, High, Medium, Low) and can be exported to JSON or HTML.
🛡️ All data is processed locally; nothing is sent to external servers.
Developed for pentesters, developers, and security professionals.
Rated 0 by 0 people
Permissions and data
Required permissions:
- Access browser tabs
- Access your data for all websites
Data collection:
- The developer says this extension doesn't require data collection.
More information
- Version: 1.0.0
- Size: 63.47 KB
- Last updated: 11 days ago (March 27, 2026)
- License: Mozilla Public License 2.0